Op-Ed: The '12 Commandments' of PCI compliance

By Michael Essany     Aug 28, 2013 in Business
Whether you run a business virtually, via mobile, or in a traditional storefront, accepting payments from customers is vital to the survival of your enterprise.
Equally important to your survival - not to mention the peace of mind of your customers - is the security of the transactions you facilitate.
Given that 85% of all credit card-related security breaches occur at smaller companies, small businesses are compelled like never before to take responsible steps to protect customer privacy and financial data. In particular, this means going the extra mile to ensure that their merchant account details and equipment are PCI compliant.
Although the term "PCI compliant" is ubiquitous in the world of business today, few can actually explain what it means. So what is the PCI data security standard and why should you care about it?
The PCI Security Standards Council was formed in September 2006 by the five major credit card brands: Visa, MasterCard, American Express, Discover, and the Japanese Credit Bureau (JCB). Ever since, the Payment Card Industry (PCI) data security standard has played an integral part in shielding consumer payment card data from criminals.
"No matter what size your business, or how many transactions you process, there are twelve basic requirements that all merchants must adhere to be considered PCI Compliant," reads a recent blog entry from North American Bancard, a provider of merchant services to more than 180,000 businesses in North America.
The commandments are as follows:
1. Install and maintain a firewall configuration to protect cardholder data via a secure network.
2. Change vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Maintain a vulnerability management program by using and regularly updating anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
Bob Russo, General Manager of the PCI Security Standards Council, believes that it has never been more important for business owners to learn more about PCI compliance and basic security practices. "Education is a big issue," Russo asserts. "Some of the smaller merchants that just come into the business don't really know what their responsibilities are with regard to handling credit cards."
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of